18 matches found
CVE-2025-37135 Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI)
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
WordPress NinjaScanner plugin file path validation deficiency vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
WordPress plugin Ajax Load More 安全漏洞
WordPress Ajax Load More plugin is an open source plugin , mainly used to achieve infinite scrolling of website content and lazy loading function , optimize the user experience through AJAX technology . WordPress Ajax Load More plugin has an authorization issue vulnerability, the vulnerability...
CVE-2025-2503
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user...
CVE-2023-37244
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
CVE-2023-37244
The CVE-2023-37244 entry concerns AutomationManager.AgentService.exe and describes a TOCTOU race condition that lets standard users create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp. This could enable an attacker to manipulate the process into performing arbitra...
Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...
CVE-2023-0862
The CVE-2023-0862 entry describes a path-traversal vulnerability in NetModule NSRW web administration interface. Affected NSRW versions: 4.3.0.0 before 4.3.0.119, 4.4.0.0 before 4.4.0.118, 4.6.0.0 before 4.6.0.105, and 4.7.0.0 before 4.7.0.103. Attackers could upload malicious files to the web ro...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
Directory traversal
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-33354
The CVE-2021-33354 issue affects htmly prior to 2.8.1 and is a Directory Traversal vulnerability that allows remote attackers to delete arbitrary files via a modified file parameter. The root cause is improper validation of the file parameter, enabling access to files outside the intended directo...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
Path traversal leads to arbitrary file deletions and file writes
Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...
McAfee Total Protection Elevation of Privilege Vulnerability (CNVD-2021-12082)
McAfee Total Protection MTP is a one-stop security suite. An elevation of privilege vulnerability exists in McAfee Total Protection prior to version 16.0.30. A local attacker can exploit this vulnerability to elevate privileges and perform arbitrary file deletions with SYSTEM user privileges, whi...